You may already be familiar with SELinux, or perhaps not, but I won't go into a discussion of what exactly it is; know though that the NSA from the USA created it years back and I am an avid user. I recently got my Raspberry Pi and am using Raspbian, but had an abundant amount of time trying to figure out why every reboot and SSH/HDMI output would cause a large X [cursor], like the old school GUI did when the XFree86 GUI didn't work, and this is when attempting to start SELinux with no success. In short, I have a tutorial I made to help those who may want to try it out and notice it will NOT work out of the box, even if you use apt-get for all 3 required SELinux packages.

The output may vary but it should tell you to reboot, so go forth and type

sudo reboot

now and it should start to reboot.

CHECK SELINUX
Now, you may have to remotely SSH to your machine as you probably don't see anything but a grey background and big black X for a mouse cursor. If you don't have this problem, SELinux probably was a successful install (lucky you but doubtful). Either way, open a terminal and run the command:

/usr/sbin/check-selinux-installation:19: DeprecationWarning: os.popen3 is deprecated. Use the subprocess module.
@staticmethod
/usr/sbin/check-selinux-installation:23: DeprecationWarning: os.popen2 is deprecated. Use the subprocess module.
def fix():
/etc/pam.d/login is not SELinux enabled
FSCKFIX is not enabled – not serious, but could prevent system from booting…

This obviously means SELinux was NOT successful. So, let's fix that!

PERMISSIVE OR ENFORCING?
Now, I would tell you to try and enable permissive mode but it is extremely likely it won't work. So I want you to enable Enforcing Mode by typing:

Hmmm,
Correct me if I am wrong: I believe there should be a line with CONFIG_SECURITY_SELINUX in /proc/config.gz for all this to work. I cannot find it. I have the exact same response as raspberryjammer.
I do have:

I've been playing with getting SELinux up and running, and it seems as though the situation has changed from the original post above. Most of this information was taken from https://wiki.debian.org/SELinux, which you should refer to if you're embarking down this road.

First off, lenrem is right, you will need to compile a new kernel, as the default kernel is missing some required options. You're looking to have at least CONFIG_AUDIT, CONFIG_SECURITY, and CONFIG_SECURITY_SELINUX enabled, in addition to the default kernel options provided. The complete set of SELinux-related (and required) kernel options I'm using are:

CONFIG_AUDIT=y
CONFIG_AUDIT_LOGINUID_IMMUTABLE=y
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
# CONFIG_SECURITY_SELINUX_DISABLE is not set
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""

The PAM configuration above is correct, and is a change you'll need to make by hand. You'll also want to set your default mode to permissive, by editing /etc/selinux/config and setting SELINUX=permissive.

Finally, the selinux-enable command won't work for you, because it's looking for grub, and we don't use grub. So edit /boot/cmdline.txt and append selinux=1 security=selinux to the single line in that file. Finally, the last thing the selinux-enable does is force a filesystem relabel, so we can do this by running sudo touch /.autorelabel.

Now reboot your Pi. On this reboot, the filesystem will be relabelled, which does take some time (5-10 minutes, depending). Once complete, it will initiate a reboot itself, and you will be up and running with SELinux in permissive mode!

To switch to enforcing mode, just run sudo setenforce 1. To change your system to always run in enforcing mode, just set SELINUX=enforcing in /etc/selinux/config, and then reboot.

(If you run into issues, PM me, as I've only just created an account to make this note, so it's unlikely I'll be following this topic.)

EDIT: Quick review shows a potential issue with what I wrote regarding the usefulness of selinux-enable. If you're using a display manager (kdm or wdm), selinux-enable will update your PAM configuration for those subsystems such that they are SELinux-friendly. So you may want to run it on your system, if you're using X11 (if you're sticking to a console, there's no benefit to running it, but neither is there a drawback).
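
A preflight check for the manual steps in the post above, as an added example that is not part of the thread. The function names are made up for illustration; the kernel options, boot arguments and file paths are the ones given in the post.

```shell
#!/bin/sh
# Added example: preflight for the manual SELinux setup described above.
# Function names are illustrative; options and paths come from the post.

REQUIRED_OPTS="CONFIG_AUDIT CONFIG_SECURITY CONFIG_SECURITY_SELINUX"

# check_kernel_config FILE: FILE is a plain or gzip'd kernel config.
# Prints each required option that is not set to y; non-zero if any is missing.
check_kernel_config() {
    case "$1" in *.gz) reader="gzip -dc" ;; *) reader="cat" ;; esac
    missing=0
    for opt in $REQUIRED_OPTS; do
        if ! $reader "$1" | grep -q "^${opt}=y\$"; then
            echo "missing: ${opt}=y"; missing=1
        fi
    done
    return $missing
}

# check_cmdline FILE: both boot arguments must appear as whole words.
check_cmdline() {
    rc=0
    for arg in selinux=1 security=selinux; do
        if ! tr ' ' '\n' < "$1" | grep -qx "$arg"; then
            echo "missing boot argument: $arg"; rc=1
        fi
    done
    return $rc
}

# selinux_mode FILE: prints the SELINUX= value (not SELINUXTYPE=).
selinux_mode() {
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# preflight [KCONFIG] [CMDLINE] [SELINUXCFG]: defaults are the post's paths.
preflight() {
    overall=0
    check_kernel_config "${1:-/proc/config.gz}" || overall=1
    check_cmdline "${2:-/boot/cmdline.txt}" || overall=1
    echo "SELINUX=$(selinux_mode "${3:-/etc/selinux/config}")"
    return $overall
}

# Run against the live system only when asked: sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```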

I have incorporated everything that has been suggested in this thread to enable SELinux in Raspbian kernel v4.1.16 v7+. But no luck yet. I keep seeing the below output:

$ sudo check-selinux-installation
../proc/1 kernel..
SELinux is not enabled.
The init process (PID 1) is running in an incorrect domain.

Can one of you please help me figure out if I am doing something wrong here? Greatly appreciate your help.
I have not been able to find out where CONFIG_AUDIT_LOGINUID_IMMUTABLE is in menuconfig. Could that be the reason why SELinux is not enabled for me? It would be great if you can let me know which category in menuconfig has CONFIG_AUDIT_LOGINUID_IMMUTABLE. Thanks.

- Before actually compiling the Kernel (zImage modules dtbs) open your .config file in the Kernel's root directory and add the necessary Kernel parameters suggested in the Arch Wiki https://wiki.archlinux.org/index.php/SE ... the_Kernel
This is necessary, as the default configuration for the Raspberry Pi's kernel does not include SELinux.

- Run the “bcm_defconfig” command again but replace the bcm_defconfig with "menuconfig" at the end to verify SELinux is now enabled in the "Security" options.

Using execstack -c /usr/lib... option does not work as libarmmem.so needs an executable stack.
When using setsebool -P allow_execstack 1 one gets some permission denied errors on many shared libraries. E.g., nano is not working anymore (segfault). It seems the default policy may not be completely valid. The ERROR; ld.so: object '/usr/lib/arm-linux-gnueabihf/libarmmem.so' from /etc/ld.so.preload cannot be preloaded (cannot enable executable stack as shared object requires): goes away by changing the context of libarmmem.so to textrel_shlib_t (chcon -t textrel_shlib_t /usr/lib/arm-linux-gnueabihf/libarmmem.so)